
HTTPS TidServ


7 replies to this topic

#1 ThV

ThV

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:11:38 AM

Posted 30 August 2010 - 03:30 AM

Hello,
I come from the Norton community, which led me to you about an attack by a serious trojan.
Here is an nth case of an "HTTPS TidServ" attack, which I personally am discovering, being a novice in this regard.
I understood that this type of trojan causes serious problems, and belongs to the class of Rootkit, TDSS or TDL3 viruses.
Of course, my system is infected; periodically, Norton indicates attacks. I did a full scan via Norton Internet Security, without result.
I already used Microsoft's Malicious Software Removal Tool, and RegistryBooster-Uniblue to check the system, the first one didn't identify the problem and the second one pointed out problems but I did not try to repair via this program. I did not try any other solution for now.
I wonder what I have to do to eradicate this very serious "nuisance".
Thanks for your help,
Regards,
Thierry



----------------------------
ps: pc endowed with XP.

Edited by ThV, 30 August 2010 - 03:34 AM.




#2 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,107 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:12:38 PM

Posted 30 August 2010 - 04:21 AM

Hi Thierry and welcome to BleepingComputer!

Please follow the steps in this guide and see if that fixes your problem.

Edited by elise025, 30 August 2010 - 04:22 AM.
Topic moved from Introductions to Am I Infected forum ~ Elise

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#3 ThV


Posted 30 August 2010 - 06:14 AM

Hello elise25,
Thanks for your prompt answer.
I followed your instructions and scanned the system with TDSSKiller; it seems now that the messages of attacks have stopped.
  • I'll also scan the syst. by using Malwarebytes,
  • and will create a restoration point if possible.
  • TDSSKiller has located the problem in the repertory: C:/WINDOWS/system32/DRIVERS/Compbatt.sys
Thanks for this so quick problem resolution.
I'll keep you informed, if needed.
Hats off,
Thierry

Edited by ThV, 30 August 2010 - 06:16 AM.


#4 Elise


Posted 30 August 2010 - 06:37 AM

Hi Thierry, glad to hear it worked for you. Do you have any problems left?

Note that this rootkit has backdoor capabilities; this means that sensitive data might have been compromised. I recommend that you change any passwords and, if you do online banking, contact your financial institution/bank to inform them of the fact that your online banking data may have been compromised.

regards, Elise




#5 ThV


Posted 30 August 2010 - 07:02 AM

Okay Elise,
I informed contact of Bank Online, thanks for this.
In addition, when you speak of password changes, did you mean passwords saved in files of syst. repertories, or passwords that are typed online, or others which are kept in memory by Norton Internet Security? Or all?
Thanks again,
Thierry

#6 Elise


Posted 30 August 2010 - 07:09 AM

This is a very advanced rootkit; to be on the safe side, I would change them all; think about email passwords and especially stored passwords!

regards, Elise




#7 ThV


Posted 30 August 2010 - 07:15 AM

Okay Elise,
Thanks for this.
HATS OFF again.
Best Regards,
Thierry

#8 Elise


Posted 30 August 2010 - 07:19 AM

You're welcome Thierry. :thumbsup:

If you have any other questions, please let me know.

regards, Elise






